Data Deletion Policy

If you wish to close your account and delete all of the data associated with your account, including all data sourced from third-parties (such as Google Gmail), please follow these steps:

  • Sign-in to the system at https://app.wellybox.com/.
  • In the top menu, click on Profile. If you are already signed-in, click here.
  • Scroll down and click Close Account & Delete Account Data.
  • Follow the instructions as they appear on screen.

This will delete all the data you have with us, including data sourced from third-parties. Please be advised that account and data deletions are irreversible.

Responsible Disclosure Program

WellyBox is strongly committed to responsible reporting and disclosure of security-related issues. As such, we've adopted and follow a set of policies which conform to that ideal and are geared toward allowing us to deliver timely security updates to the WellyBox app.

Reporting Security Issues

Short version: please report security issues by emailing security@wellybox.com.

Most normal bugs in WellyBox are reported to our support team, but due to the sensitive nature of security issues, we ask that you do not contact WellyBox support.

Instead, if you believe you’ve found something in WellyBox which has security implications, please send a description of the issue via email to security@wellybox.com. Mail sent to that address reaches the security team.

Once you've submitted an issue via email, you should receive an acknowledgment from a member of the security team within 48 hours, and depending on the action to be taken, you may receive further followup emails.

We ask that you keep information about any vulnerabilities you've discovered confidential between yourself and WellyBox until the vulnerabilities are fixed. We also ask that you make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.

If you follow these guidelines when reporting an issue to us, we commit to:

  • Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 48 hours of submission)
  • Recognize your contribution on our security page, if you are the first to report the issue and we make a code or configuration change based on the issue.